Vulnerability in EPiServer.Forms
When I added a String(<=255) property, in there out put html code, there is a <span> </span> added with the value, how to or is it possible to removed the span tag?
If you want to use the <EPiServer:Property> webcontrol, take a look at these blog posts:
Be carful with the code below that can break your page:
<%= CurrentPage.Property["PropertyName"] %>
You should always take care to add html encoding:
<%= HttpUtility.HtmlEncode(CurrentPage.Property["PropertyName"] as string) %>
Read more: http://blog.fredrikhaglund.se/blog/2008/12/08/epipattern-how-to-render-valid-xhtml-part-12/
Fredrik, u r so cool :) Still teaching CMS5 beginners course these days?
Thx for ur comments!!!